How keylogger works

This post explains in detail how a keylogger works and how to secure your system against one. At the end of the post you can download a sample keylogger for demonstration or testing.

I created a keylogger generator for this tutorial.

[Figure: How keylogger works]

Before that, let us define what a keylogger is.

“Keystroke logging (more often called keylogging or “keylogger”) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.”
Source: Wikipedia

For a complete explanation I created my own keylogger, but it is not a professional keylogger, so don’t use it for hacking purposes.

There are different types of keyloggers, but the keylogger you are going to download is an API-based keylogger.

API-based keylogger: These keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. Windows APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events. These types of keyloggers are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage and can also miss the occasional key. A more recent example simply polls the BIOS for pre-boot authentication PINs that have not been cleared from memory.

Before we discuss how a keylogger works, let us look at its logic.

Common properties of API-based keyloggers

  • A keylogger, like any other malicious program, cannot be ended from Task Manager. Whatever the aim of the malicious program, priority is given to its own survival: it runs indefinitely and cannot be terminated by Task Manager or any other method except Windows Safe Mode. There are two ways a keylogger protects itself and keeps running on the system.
    1. The first method is to hide the process from Task Manager.
       In Windows 95 and 98 a process could be hidden by calling the RegisterServiceProcess function in kernel32.dll. In newer versions of Windows (XP, Vista and Windows 7) this function is missing from kernel32.dll; however, other methods are still available on these systems.
    2. The second method is to run two processes simultaneously.
       The two processes protect each other, since they cannot be terminated at the same time: if you end the first process, the second one restarts it, and vice versa.

    This keylogger uses the second method.

    • They always start when Windows starts, because they register themselves in the Windows registry.
    • They overload your CPU and memory, and sometimes your system may hang.

How the keylogger works

When you execute it, it drops three files on the system in the following directory:

 [Directory: C:\Users\<username>\AppData\Roaming]

  1. Keylogger.exe
  2. Guard.exe
  3. Mailer.exe

Keylogger.exe records your keystroke events (your username and password) in a file.

Mailer.exe mails the log.txt file every 30 minutes to the mail address you entered before generating it.

Guard.exe protects the other two processes. If you try to end any one of the three, the other two will try to restart it.

[Figure: How keylogger works]

It restarts automatically when Windows starts because it registers itself in the Windows registry.

Registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

If you try to remove this entry, it registers itself again within 1 second.
[Figure: How keylogger works]

Cure for the keylogger

> Boot Windows in Safe Mode >> Open the Registry Editor (regedit)

Navigate to the path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

>> If there is something suspicious, such as the “keylogger” entry shown above, note its string value, e.g. “C:\Users\Phoenix\AppData\Roaming\Guard.exe”.

>> Delete the “keylogger” entry and delete the related files

(e.g. keylogger.exe, mailer.exe, guard.exe) from the location you noted, “C:\Users\Phoenix\AppData\Roaming”.
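As an added example (not the post's own tool or code), the following Python script performs the triage step above over the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`: it flags autorun entries whose executable lives in a user-writable directory such as AppData\Roaming, which is where the three files described in this post are dropped. The registry export embedded in the script is constructed for illustration, and the heuristics it applies (user-writable location, no vendor subfolder, a system-process name outside the Windows directory) are this example's own choices rather than anything the post specifies. It goes a little beyond the post by also handling quoted command lines and the %APPDATA% form of a REG_EXPAND_SZ value.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output. The "keylogger" line mirrors the entry the post describes; the others are
# made-up benign and suspicious neighbours so the heuristics have something to separate.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\Phoenix\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    keylogger    REG_SZ    C:\Users\Phoenix\AppData\Roaming\Guard.exe
    Updater    REG_EXPAND_SZ    "%APPDATA%\svchost.exe"
    IntelGfx    REG_SZ    C:\Windows\System32\igfxtray.exe
"""

# One value line of `reg query` output: <name> <REG_type> <data>, indented.
VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Path fragments that place a binary in a directory a standard user can write to.
# Autoruns pointing here deserve a closer look (heuristic chosen for this example).
USER_WRITABLE_MARKERS = (
    "appdata\\roaming\\",
    "appdata\\local\\",
    "\\temp\\",
    "%appdata%\\",
    "%localappdata%\\",
    "%temp%\\",
)

# Names of core Windows processes that malware commonly borrows; legitimate copies
# live under the Windows directory.
SYSTEM_PROCESS_NAMES = {"svchost", "csrss", "lsass", "explorer", "winlogon"}


def parse_run_entries(text):
    """Return a list of (value_name, reg_type, data) tuples from reg query output."""
    entries = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            entries.append((m.group("name"), m.group("type"), m.group("data").strip()))
    return entries


def extract_image_path(data):
    """Pull the executable path out of a Run value's command line, quoted or not."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(.*?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data.split(" ")[0]


def assess_entry(data):
    """Return (image_path, [reasons]) describing why this autorun looks suspicious."""
    path = extract_image_path(data)
    lowered = path.lower()
    reasons = []
    marker = next((mk for mk in USER_WRITABLE_MARKERS if mk in lowered), None)
    if marker:
        reasons.append("binary lives in a user-writable directory (%s)" % marker.strip("\\"))
        # An .exe dropped straight into Roaming/Local/Temp, with no vendor subfolder,
        # matches the drop pattern described in the post.
        tail = lowered.split(marker, 1)[1]
        if "\\" not in tail:
            reasons.append("no vendor subfolder: file sits directly in that directory")
    stem = PureWindowsPath(path).stem.lower()
    if stem in SYSTEM_PROCESS_NAMES and "\\windows\\" not in lowered:
        reasons.append("system-process name outside the Windows directory")
    return path, reasons


def triage_run_key(text):
    """Map value_name -> (image_path, reasons) for entries with at least one reason."""
    findings = {}
    for name, _reg_type, data in parse_run_entries(text):
        path, reasons = assess_entry(data)
        if reasons:
            findings[name] = (path, reasons)
    return findings


if __name__ == "__main__":
    for name, (path, reasons) in triage_run_key(SAMPLE_REG_QUERY).items():
        print("[%s] %s" % (name, path))
        for reason in reasons:
            print("   - " + reason)
```

On a live machine you would feed the script the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"`, ideally from Safe Mode as the post advises so the guard process cannot re-register the entry while you work. Legitimate per-user software (OneDrive in the sample) also installs under AppData\Local, so a single reason is a lead to verify against the file's publisher and location, while an entry that collects several reasons is the kind of thing to delete along with the files it points to.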

Prevention against this type of program:

>> Keep your antivirus updated.

>> Use passwords at least eight characters long, containing two or more symbols.

>> Don’t run suspicious software with full admin rights.

>> Never disable UAC.

>> Be careful when using cracks or patches.

If you want to try it in practice, download it and test it yourself, and see how the keylogger works.

Before you download this program, please note:

  • Don’t use this keylogger generator as a hacking tool, because your Gmail ID and password are stored in the [AppData\Local\Mailer] directory of your PC.
  • If your Windows Safe Boot is not working, change your Gmail password. The keylogger will then be unable to send the text file and will destroy itself automatically after 30 minutes.

The password is http://buffernow.com/

  • rishii2129

    nice post :)
